SFTP enhance security readiness
search cancel

SFTP enhance security readiness

book

Article ID: 375423

calendar_today

Updated On:

Products

Clarity PPM SaaS

Issue/Introduction

As a part of our continual security enhancements practices, we keep revisiting our permissible ciphers and adapting more secure ones. As a part of recent change SHA1 host algorithm is deprecated, please refer the KB to understand the change impact.

Environment

Component: Clarity

Release: SaaS

Resolution

Due to above change below impact can be observed and choose appropriate remediation

  • Server Hash Change:
    Remediation: If you are tracking old Hash values, please note that with above change there will be change in Server Hash

  • Connecting to SFTP via clients/scripts may fail
    Remediation: Connecting to SFTP via script/external clients please make sure to use either mentioned allowed algorithms

Supported Algorithms/Ciphers

 

Ciphers MACs Key Algorithms HostKey Algorithms
  • curve25519-sha256
  • [email protected]
  • ecdh-sha2-nistp256
  • ecdh-sha2-nistp384
  • ecdh-sha2-nistp521
  • diffie-hellman-group-exchange-sha256
  • diffie-hellman-group14-sha256
  • diffie-hellman-group16-sha512
  • diffie-hellman-group18-sha512